Description
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Remediation
References
Related Vulnerabilities
LimeSurvey Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-16187)
WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2)
Perl Resource Management Errors Vulnerability (CVE-2013-1667)
Plone CMS Weak Password Requirements Vulnerability (CVE-2020-7940)
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-45802)